HPE Aruba Networking ClearPass for Zero Trust Security

Authenticate, authorize, and enforce secure network access control with role-based network policies based on Zero Trust Security.

Simplify network access and security with ClearPass products

Robust Network Access Control

HPE Aruba Networking ClearPass Policy Manager (CPPM) provides robust network access control with granular role-based policies for authentication, authorization, continuous monitoring and enforcement. Its high interoperability helps customers leverage their investment in earlier security products.

Automated BYOD provisioning and device compliance

With ClearPass Onboard, easily create and deploy BYOD workflows to authorize employees and contractors to use their devices on secure networks.

ClearPass OnGuard’s advanced endpoint posture assessments can automatically remediate or quarantine endpoints that violate corporate security and compliance policies.

Customized visitor experience

It’s easy to implement secure guest access and create a customized web portal using your own brand. Leverage unique features such as sponsor approval, credential delivery or usage policies via email or text.

Secure wired access control

Make sure you secure those Ethernet ports behind IP desk phones and in conference rooms that are not using secure 802.1X.

CPPM Product features

Implement reliable network access control based on Zero Trust Security.

AI-powered visibility

ClearPass Policy Manager has built-in device discovery and profiling features that can be complemented with AI-powered ClearPass Device Insight or HPE Aruba Networking Central Client Insights.

Robust authentication

ClearPass authenticates the user or device identity against a wide variety of identity sources such as Microsoft AD, LDAP, ODBC-compliant SQL database, token servers, and internal databases.

Secure authorization

ClearPass provides authorization based on a user’s role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time of day.

Reliable policy enforcement

When a security compromise is detected, ClearPass can be signaled to take a response action from a wide range of security, network and IT sources.

Powerful integrations

ClearPass is a vendor-agnostic solution and seamlessly integrates with more than 140 security-based partner solutions to provide robust authorization and enforcement.

SSO support

Single sign-on (SSO) support works with Ping, Okta, and other identity management tools to improve user experience of SAML 2.0-based applications.

Details and specifications for HPE Aruba Networking ClearPass Policy Manager

  • Appliances
    • ClearPass is available as hardware or as a virtual appliance. Virtual appliances are supported on VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, CentOS KVM, Amazon EC2 & Microsoft Azure.
      • VMware ESXi up to 8.0
      • Microsoft Hyper-V 2016/2019 R2/2019 and Windows 2016 R2 Enterprise
      • KVM on CentOS 7.7 and Ubuntu 18.04 LTS
      • KVM on CentOS 7.7, Ubuntu 18.04, and Ubuntu 20.04
      • Amazon AWS (EC2)
      • Microsoft Azure
    Platform
    • Deployment templates for any network type, identity store and endpoint
    • 802.1X, MAC authentication and captive portal support
    • ClearPass OnConnect for SNMP-based enforcement on wired switches
    • Advanced reporting, analytics and troubleshooting tools
    • Interactive policy simulation and monitor mode utilities
    • Multiple device registration portals – Guest, Aruba AirGroup, BYOD, and un-managed devices
    • Admin/operator access security via CAC and TLS certificates
    Framework and protocol support
    • RADIUS, RADIUS Dynamic Authorization, TACACS+, web authentication, SAML v2.0
    • RadSec (TLS encoded RADIUS)
    • TEAP (Tunneled EAP)
    • EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
    • PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAPPublic, EAP-PWD)
    • TTLS (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-MD5, PAP, CHAP)
    • EAP-TLS
    • PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
    • OAuth2
    • WPA3
    • Windows machine authentication
    • SMB v2/v3
    • Online Certificate Status Protocol (OCSP)
    • SNMP generic MIB, SNMP private MIB
    • Common Event Format (CEF), Log Event Extended Format (LEEF), and RFC5424
    Supported identity stores
    • Microsoft Active Directory
    • RADIUS
    • Any LDAP compliant directory
    • MySQL, Microsoft SQL, PostgreSQL and Oracle 11g ODBC-compliant SQL server
    • Token servers
    • Built-in SQL store, static hosts list
    • Kerberos
    • Microsoft Azure Active Directory
    • Google G Suite
    RFC standards
    • 2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302, 4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176, 5216, 5246, 5280, 5281, 7170, 7296, 7321, 7468, 7815, 8032, 8247
    Internet drafts
    • Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST, TACACS+, draft-ietf-curdle-pkix-00 EdDSA, Ed25519, Ed448, Curve25519 and Curve448 for X.509, draft-nourse-scep-23 (Simple Certificate Enrollment Protocol)
    Profiling methods
    • Operating conditions
    • Active: Nmap, WMI, SSH, SNMP
    • Passive: MAC OUI, DHCP, TCP, Netflow v5/v10, IPFIX, sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
    • ClearPass Device Insight
    • Integrated & 3rd Party: Onboard, OnGuard, ArubaOS, EMM/MDM, Cisco device sensor
    IPv6 Support
    • RADIUS
    • TACACS+
    • Clustering (intra-node communication)
    • Web and CLI based management
    • IPv6 addressed authentication & authorization servers
    • IPv6 accounting proxy
    • IPv6 addressed endpoint context servers
    • Syslog, DNS, NTP, IPsec IPv6 targets
    • IPv6 Virtual IP for high availability
    • HTTP Proxy
    • Ingress Event Engine Syslog sources
    Information assurance validations
    • FIPS 140-2 – Certificate #2577
    • Common Criteria NDcPP + Authentication Server (ClearPass)
    • USGv6 approved
HPE Aruba Networking ClearPass security portfolio receives coveted Cyber Catalyst designation

For the second consecutive time, Marsh Cyber Catalyst Program recognizes HPE Aruba Networking’s security innovations for the ability to reduce cyber risk for Zero Trust and SASE implementations.

HPE Aruba Networking ClearPass success stories

Healthcare | Enfermera-Isabel-Zendal

Learn how ClearPass Policy Manager takes a central role for the orchestration of the hospital's network access management by allowing the team to define access policies based on the profile of users and devices and a host of definable criteria.

Manufacturing | DM

Learn how DM uses ClearPass to implement consistent role-based network policies.

Primary Education | Decatur City Schools

Learn how ClearPass unifies wired and wireless policies to help schools authenticate students, teachers, staff, and guests, saving time and addressing security needs.

Related products

HPE Aruba Networking ClearPass is a vendor-agnostic solution that works seamlessly with HPE Aruba Networking and third-party network devices.

HPE Aruba Networking switches

Discover a switching portfolio purpose-built for cloud, mobile, and IoT.

HPE Aruba Networking access points

Offering a versatile 802.11ax and 802.11ac portfolio, HPE Aruba Networking's simple, fast, and secure access points support a wide range of use cases and deployment needs. Boosting IT, user, and IoT experiences, our APs rise to meet today's most challenging Wi-Fi use cases.

AI-powered client visibility

Client Insights, an important starting point for Zero Trust, delivers the visibility and intelligence needed to address the risk of unidentified and unmanaged devices on the network.

HPE Aruba Networking Central

A cloud-based networking solution with AI-powered insights, workflow automation, and edge-to-cloud security, HPE Aruba Networking Central empowers IT to manage and optimize campus, branch, remote, data center, and IoT networks from one dashboard.
